METHOD AND SYSTEM FOR FACILITATING A TRUSTED
ON-LINE TRANSACTION BETWEEN BUSINESSES 
AND NETWORKED CONSUMERS 

FIELD OF THE INVENTION 

The present invention relates generally to the field of on-line systems for 
facilitating a transaction via a trusted network, and in particular, to a method and 
system for facilitating a trusted transaction between business entities and networked 
consumers. 

BACKGROUND OF THE INVENTION 

With the advent of the Internet, virtually anything can be bought, sold, or 
negotiated on-line. Currently, many Web portals offer products and/or services to 
business entities and consumers. One serious problem facing many of these Web 
portals is in the area of security. Although some aspects of the security concerns 
have been resolved or at least reduced using various encryption or related 
technologies, many fraudulent transactions still occur because the current security 
measures are generally inadequate to address certain types of security breaches. 

Currently, there are at least two major security issues in regard to on-line 
transactions. The first issue concerns confidentiality, that is, the ability to make a 
transaction without the transaction being known or intercepted by a third party. For 
instance, when a consumer purchases a product or service on the Internet using a 
credit card (i.e., submitting the credit card number and other requested information 
to the seller), it is imperative that the transaction be confidential such that sensitive 
information such as the credit card number, expiration date, and the identity of the 
product or service purchased, not be revealed to unauthorized parties. This aspect 
of on-line security has been dealt with, and to a large extent resolved, through the
encryption technology where the sensitive information is encoded to prevent third 
parties from reading the data, even if the data were to be intercepted.

The second security issue concerns authentication, that is, the ability to
uniquely identify the individual who is making the transaction. For instance, taking
the example above where a consumer purchases a product or service on the Internet
using a credit card, it is imperative that the seller be able to determine that the
person submitting the credit card information is actually the owner of the credit
card, or a person authorized by the owner. Failure to do so means that the
transaction can be made void by the actual owner. The ability to identify the
individual protects against at least two types of fraudulent transactions. One type is
the case where an unauthorized person uses the credit card number of others to
purchase a good or service on the Internet. The other type is the case where an
authorized person uses the credit card but later denies having made the
transaction. It is a commonly known fact that many credit card transactions result in
a default due to a seller's inability to properly authenticate the identity of the
individual making the transaction.

Currently, there are many authenticating devices and methods for uniquely
identifying individuals which can presumably be used to prevent or limit the
fraudulent transactions due to improper authentication. One such system is one
employing digital certificate technology where a user obtains an encrypted file from
a certificate authority who, before giving out the certificate in a special storage
device such as a smart card, authenticates the user by requiring the user to produce
an acceptable identification card. A special reader is then attached to the user's PC
to read the digital certificate stored in the smart card. When a secure transaction
needs to be made, the digital certificate is sent to the transacting party who then
verifies the authenticity of the certificate and reads the information provided in the
certificate such as the name of the person whom the certificate belongs to.

The fingerprint identification system, on the other hand, employs a
fingerprint reading device which is attached to a user's PC. Whenever a secure
transaction needs to be made, the user places a finger on the reader, and a digital
image of the reader is sent to the transacting party. The image is then compared
against a previously stored image in a database to identify the individual.

Although these devices may significantly reduce the on-line fraudulent
transactions due to improper authentication, at this time, it is unrealistic to expect
consumers to purchase such a device for the sole purpose of conducting a
transaction over the Internet, especially when alternative less-costly options such as
offline purchases are available. In addition, because there is currently no single
standard or device which is acceptable to all, purchasing such a device does not
necessarily ensure that a trusted transaction would be possible.

For these reasons, many types of transactions which can presumably occur
on-line are still being done only through the traditional off-line mediums, though
conceivably such transactions may be facilitated on the Internet if a trusted method
of transaction not requiring the consumers to purchase such authenticating devices
were to be available. While many types of transactions would fall under this
category, one notable example is the transactions concerning group benefits plans
which cater to business entities and other entities such as educational institutions,
clubs or associations which have a large base of individuals, e.g. employees,
students, club members, etc., who are associated with the entity. These benefits can
include services such as insurance coverage of all types, e.g., medical, dental, life,
travel; loans with below-market rates; mobile phone service plans; etc. The benefits
can also include goods which are sold to the associated individuals at a discounted
rate.

A unique characteristic of the group benefits plans is that while the end
product or service directly benefits the associated individuals, e.g., employees, club
members, etc., the plans are negotiated by the entity whom the individuals are
associated with. Take for instance, a company employing a large number of
employees. A group benefits plan such as group insurance would be negotiated by
the employer, i.e., the company, on behalf of the employees. By having control over
a large pool of potential customers, the company is able to negotiate a better deal
with the benefit provider than if the employees were to negotiate the benefit directly.
Currently, most aspects of procuring and administering of group benefits are
manual in nature. Namely, the employer would have to manually choose and
contact the group benefit provider and the group benefits plans are shown and
negotiated off-line. Even after the plan is chosen, the details of the plan are
generally presented to the employees in a manual manner. The shortcomings of
such manual methods are many. First, because the company must manually select
and contact each of the group benefit providers and individually negotiate the plan,
much time and resources are wasted, and thus, only a limited number of providers
may be considered. And second, the administration of the benefits plan is
inefficient because the employees must often communicate their choices and desires
through the employer, even when a direct contact between the benefit provider and
the employees would be more sensible and efficient.

While it can be appreciated that there is a need for a system and method for
facilitating a trusted transaction between business entities and consumers, and one
which can be used to efficiently transact group benefits plans, currently, no such
systems are known to exist, and certainly, none which are both efficient and
trustworthy.

SUMMARY OF THE INVENTION 

It is therefore an object of the present invention to overcome the
shortcomings as described above.

The present invention establishes a trusted market place which allows goods
and services to be transacted on the Internet between business entities and certain
types of consumers called "networked consumers" who can be properly
authenticated without requiring each to obtain an authenticating device or system.
The market players are the business entities, the networked entities, and the
networked consumers. In this market structure, a plurality of business entities have
access to the market place, and they place details of goods and/or services to be sold
on-line. The networked consumers can access the market place, but at least the
registration must occur through the networked entities. Where the goods or services
being offered by a business entity is a group benefits plan, the plan is first negotiated
by the networked entity before it is made available to the network consumers. By
accessing the market place, the networked consumers can purchase goods and
services provided by the business entities, make choices about group benefits plans,
and conduct other transactions. Because authentication is done via the networked
entities, no authentication device is needed by the networked consumers.

The system for implementing the market structure comprises an
administrator server which generally includes a server engine for performing various
server functions; various databases for storing data relating to the business entities,
networked entities, networked consumers, and the products and services being
offered by the business entities; a plurality of Web pages which provide the
necessary interfaces for facilitating the various transactions; and a security engine
which performs various security functions including the function of authenticating
the various parties accessing the server. The administrator's server is connected via
the Internet to the business entities' PCs or servers which are coupled to an
authenticating system. The servers of the networked entities are also connected via
the Internet to the administrator server. The servers of the networked entities are
also coupled to an authenticating system. Each of the networked entities has a
secure intra-network system which links its server to its networked consumers' PCs.

A general methodology employed in facilitating a trusted sale of a product or
service using the present system begins by having the business entity first register
with the administrator, preferably by accessing the administrator's Web site and
entering the requested information. Once the business entity is properly registered,
the business entity submits the details of the products and/or services to be sold to
the networked consumers so that they may be published on the administrator's Web
site. The networked entity then registers itself with the administrator. Next, the
networked consumer registers himself at the administrator's Web site. Once
properly registered, the registered consumer accesses the administrator's Web site,
and makes selections of the goods and services he or she wishes to purchase. Next,
a payment for the good and/or services is made or arranged to be made. Finally, the
business entity delivers the selected product or performs the service.

In the case where the product or service being offered is a group benefits
plan, the group benefits provider (GBP) first develops a general group benefits plan.
Multiple plans may be created to suit the needs of different customers. Next, the
GBP registers with the administrator, preferably by accessing the administrator's
Web site and entering the requested information. Once the GBP is properly
registered, the GBP submits the details of the plans it has developed so that they
may be published on the administrator's Web site for viewing by the networked
entities. The networked entities, to be able to access the Web page containing the
details of the plans, must first register with the administrator. After a successful
registration, the networked entity accesses the administrator's Web site and obtains
the details of the group benefits plans submitted by the GBP. Then the network
entity (most likely through its human resource personnel) contacts the GBP and
negotiates a group benefits plan which is customized for its networked consumers.
When a consensus is reached, the customized group benefits plan is endorsed by the
networked entity.

An embodiment of the present invention is a method facilitated by a
computer network to accomplish a trusted transaction between a business entity and
a networked consumer. The method provides an administrative server having a
communications channel for electronically communicating with the business entity
and having a communications channel for electronically communicating with a
networked entity and the networked consumer. A business registration system is
provided in the administrative server wherein the business entity can be
authenticated and a unique identifier is assigned to the business entity (BEID),
whereby the business entity is designated a registered business entity. The
registered business entity is allowed to selectively access the administrative server
to submit details of products and/or services provided by the registered business
entity and to view selections made by the networked consumer wherein the
administrative server will store the details of products and/or services provided by
the registered business entity. A networked entity registration system is provided in
the administrative server wherein the networked entity can be authenticated,
whereby the networked entity is designated a registered networked entity. A
networked consumer registration system is provided in the administrative server
whereby a networked consumer who has authorized access to a registered
networked entity's system can be designated a registered consumer and assigned a
unique registered consumer identifier (RCID), and whereby a registered consumer
with a valid RCID will be allowed access to data provided by a registered business
entity and to make selections on the data, the selections being stored in the
administrative server.

Another embodiment of the present invention is a method facilitated by a
computer network to accomplish a trusted transaction of a group benefits plan
involving a business entity, a networked entity, and a networked consumer. The
method provides an administrative server having a communications channel for
electronically communicating with the business entity and having a communications
channel for electronically communicating with the networked entity and networked
consumer. A business registration system is provided in the administrative server
wherein the business entity can be authenticated and a unique identifier is assigned
to the business entity (BEID), whereby the business entity is designated a registered
business entity. The registered business entity is allowed to selectively access the
administrative server to submit details of group benefits plans provided by the
registered business entity and to view selections made by the networked consumer
wherein the administrative server will store the details of the group benefits plans
provided by the registered business entity. A networked entity registration system is
provided in the administrative server wherein the networked entity can be
authenticated and a unique identifier is assigned to the networked entity (NEID),
whereby the networked entity is designated a registered networked entity. The
registered networked entity is allowed to selectively access the details of the group
benefits plans provided by a registered business entity and to endorse the group
benefits plans wherein the administrative server will store the group benefits plans
endorsed by the networked entity. A networked consumer registration system is
provided in the administrative server whereby a networked consumer who has
authorized access to a registered networked entity's system can be designated a
registered consumer and assigned a unique registered consumer identifier (RCID),
and whereby a registered consumer with a valid RCID will be allowed access to the
endorsed group benefits plans and will be allowed to make selections on the
endorsed group benefits plans.

In another embodiment of the present invention, an administrative server
apparatus for facilitating a trusted transaction between a business entity and a
networked consumer comprises a communication mechanism for allowing the
administrative server to electronically communicate with the business entity and a
communication mechanism for allowing the administrative server to electronically
communicate with a networked entity and the networked consumer. A business
registration mechanism is provided wherein the business entity can be authenticated
and a unique identifier is assigned to the business entity (BEID), whereby the
business entity is designated a registered business entity. Also provided is a
mechanism for allowing the registered business entity to selectively access
the administrative server to submit details of products and/or services provided by
the registered business entity and to view selections made by the networked
consumer, and a storage device for storing the details of products and/or services
provided by the registered business entity. In addition, a networked entity
registration mechanism is provided wherein the networked entity can be
authenticated, whereby the networked entity is designated a registered networked
entity. Further provided is a networked consumer registration mechanism whereby
a networked consumer having authorized access to a registered networked entity's
system can be designated a registered consumer and assigned a unique registered
consumer identifier (RCID), and whereby a registered consumer with a valid RCID
will be allowed access to data provided by a registered business entity and make
selections on the data, the selections being stored in the storage device of the
administrative server apparatus.

In another embodiment of the present invention, the system under the control
of a business entity facilitating a trusted transaction with a networked consumer
comprises a business entity server. Also provided is an electronic communicating
mechanism for providing the business entity server access to a server-to-server
electronic communication channel. Further provided is an authenticating system
coupled to said business entity server for facilitating an authentication process of the
business entity when said networked entity server is accessing the electronic
communication channel. Further provided is a mechanism for outputting
registration information wherein the outputting of the registration information
initiates the authentication process of the business entity, and for receiving a
business entity identifier, wherein outputting the business entity identifier allows
details of products and/or services to be outputted to the electronic communication
channel and further allows selections of products and/or services made by the
networked consumer to be received from the electronic communication channel.

In another embodiment of the present invention, a system under the control
of a networked entity facilitating a trusted transaction between a business entity and
a networked consumer comprises a networked entity server. A system facilitates
an electronic connection of the networked entity server to a PC via a network
system. A communication mechanism is provided for providing networked entity
server access to a server-to-server electronic communication channel. Also
provided is an authenticating system coupled to the networked entity server for
facilitating an authentication process of the networked entity when the networked
entity server is accessing the electronic communication channel. Further provided is
a mechanism for outputting networked entity registration information and for
receiving a networked entity identifier, wherein the outputting of the networked
entity registration information initiates the authentication process. Further provided
is a mechanism for allowing the networked PC to access the electronic
communication channel to output networked consumer registration information
wherein the outputting of the networked consumer registration information initiates
the authentication process of the networked entity, and for allowing the networked
PC to receive a registered consumer identifier wherein an outputting of the
registered consumer identifier allows the networked PC to receive details of
products and/or services and to make selections on the products and/or services.

BRIEF DESCRIPTION OF THE DRAWINGS 

Figure 1 is a symbolic diagram illustrating the relationships among the
various parties using the trusted market place of the present invention.

Figure 2 is a block diagram illustrating the overall system for implementing
the trusted market place shown in Figure 1.

Figure 3 is a block diagram illustrating another embodiment to the system
shown in Figure 1.

Figure 4 is a block diagram illustrating the mechanism for allowing
registered consumers to access the trusted market place of Figure 1 without
accessing through a networked entity.

Figure 5 illustrates the overview process flow for transacting a sale and
purchase of goods and services using the system shown in Figure 1 or 2.

Figure 6 illustrates the overview process flow for transacting a deal
involving group benefits plan using the system shown in Figure 1 or 2.

Figure 7 illustrates the overview process flow for establishing a trusted
communication channel between the administrator's server and a business entity or
networked entity during registration.

Figure 8 illustrates the overview process flow for establishing a trusted
communication channel between the administrator's server and a networked
consumer during registration.

Figure 9 illustrates the interface for allowing a business entity to submit
details of its products and services to be offered using the present system.

Figure 10 illustrates the interface for allowing a group benefits provider to
submit details of its group benefits plan to be offered using the present system.

Figure 11 illustrates the interface for allowing the networked entity to view
the pre-negotiated group benefits plan details.

Figure 12 illustrates the interface for allowing the networked entity to view
the negotiated group benefits plan details.

Figure 13 illustrates the interface for allowing a group benefits provider to
configure a group benefits plan for a particular networked entity based on the
outcome of its negotiation with the networked entity.

Figure 14 illustrates the interface for allowing the registered consumers to
view the endorsed group benefits plan details.

Figure 15 illustrates the interface for allowing the registered consumers to
view the details of a product and/or service.

Figure 16 illustrates the interface for allowing the business entity to choose
among the several options as shown.

Figure 17 illustrates the interface for allowing the networked entity to choose
among the several options as shown.

Figure 18 illustrates the interface for allowing the networked consumer to
choose between the two options as shown.

DETAILED DESCRIPTION OF THE INVENTION 

As illustrated in Figure 1, the present invention establishes a trusted market
place 5 which allows goods and services to be transacted on the Internet between
businesses and a certain type of consumers called the "networked consumers" who
can be properly authenticated without requiring each to obtain an authenticating
device. The market players are the business entities 7, the networked entities 9, and
the networked consumers 11. In this market structure, a plurality of business
entities 7 have access to the market place, and they place details of goods and/or
services to be sold on-line. The networked consumers 11 can access the market
place 5, but at least the registration must be made through the networked entities 9.
Where the goods or services being offered by a business entity 7 is a group benefits
plan, the plan is first negotiated by the networked entity 9 before it is made available
to the network consumers 11. By accessing the market place 5, the networked
consumers 11 can purchase goods and services provided by the business entities 7,
make choices about group benefits plans, and conduct other transactions. Because
authentication is done via the networked entities 9, no authentication device or
system is needed by the networked consumers 11.

Although virtually any type of business can be part of the current system,
frequent references will be made to the transaction of group benefits plans as a way
of fully and clearly describing the present invention. However, it should be
understood by those skilled in the art that other types of businesses may utilize the
present system for transacting other types of goods and services. In general, the
business entities can be providers of virtually any goods and/or services. For
instance, they can be sellers of books, electronic products, gifts, etc. In the service
industry, the business entities can be insurance companies, banks,
telecommunications providers, etc.

The business entities which offer their goods or services as a group benefits
plan will be called the group benefits providers (GBPs). A unique characteristic of a
group benefits plan is that it is sold to and negotiated by the entity representing a
group rather than the members of the group themselves. A common example of a
traditional GBP would be insurance companies providing group coverage on life,
health, and other types of insurance to employers having a certain threshold number
of employees. The group insurance is purchased and negotiated by the company,
not its employees. The GBP, in the context of the present invention, can also be
providers of other types of services such as telecommunication companies, Internet
service providers, and banks. Moreover, the GBP can also be providers of products
such as household items, foods, electronics goods, gifts, etc. Essentially, any
business entities which can offer any service or product in exchange for an agreed
form and quantity of consideration may be deemed a GBP.

The networked entities 9 can be any entity which has a group of associated
individuals, called networked consumers 11, who are networked through a central,
secure intra-network system. Alternatively, the networked consumers may be
networked via the Internet provided certain authentication criteria are met. A
common example of a networked entity would be a corporation employing a large
number of employees who have access to a PC which is part of the company's
secure intra-network system. Other examples are educational institutions, clubs,
religious groups, or associations which provide access to their servers only to the
members who are registered with their system.

Similar to the traditional group benefits plans sold off-line, the group
benefits plans which are transacted using the present system directly benefit the
networked consumers. However, the plans are negotiated by the networked entities
on behalf of the networked consumers. The networked consumers, however, can
make certain decisions about the group benefits plans by accessing the market place
Web site through their PCs after they are properly registered with the system.

Figure 2 illustrates the preferred system 1 for implementing the market
structure shown in Figure 1. As shown, the system 1 comprises the administrator
server 13 which generally includes a server engine 14 for performing various server
functions; various databases 16; a plurality of Web pages 18 which provide the
necessary interfaces for facilitating the various transactions; and a security engine 20
which performs various security functions including the function of authenticating
the various parties accessing the server 13. In the preferred embodiment, the security
engine 20 utilizes a digital certificate authentication system where the authentication
is performed by exchanging digital certificates with the transacting parties. The
administrator's server 13 is connected via the Internet to the business entities' PCs or
servers 15 which are coupled to an authenticating system 12. The servers 19 of the
networked entities 17 are also connected via the Internet to the administrator server
13. The servers 19 of the networked entities 17 are also coupled to an authenticating
system 21. Each of the networked entities 17 has a secure intra-network system 23
which links its server 19 to its networked consumers' PCs 25.

The databases 16 store data relating to the registration and other information
relating to the business entities, networked entities, and networked consumers.
They also store the details of products and services being offered by the business
entities; the details of group benefits plans offered by the GBPs; various negotiated
and endorsed versions of the group benefits plans; the various selections made by
the business entities 11, networked entities 17, and networked consumers 25;
payment details; and other details relating to the transactions as well as the
administration of the transactions.

The intra-network system 23 may come in many forms. The most common
is a local area network (LAN) which is a short distance network used to link a group
of computers together within a building. Another type of intra-network
system is a wide area network (WAN) which is a network having a wider area
coverage than the LAN. A WAN can be used to interconnect a plurality of LANs. In
the preferred embodiment of the present system, a LAN system is used where a
password and an ID are required for access. The users of the LAN system should also
have a unique e-mail account, and the e-mail address should have a domain name
which matches that of the server 19.
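
The consumer registration rules described so far (an RCID is assigned only through a registered networked entity, and the consumer's unique e-mail address must carry the domain of that entity's server 19) can be sketched as below. This is an added example, not code from the patent: the class and function names, the identifier formats and the sample domains are assumptions, and the entity is assumed to have been authenticated already (for instance by the certificate exchange the text mentions).

```python
"""Added illustration of RCID issuance gated on a registered networked entity.

All names, identifier formats and sample data are assumptions made for this
example; the source text does not specify an implementation.
"""
import secrets
from dataclasses import dataclass, field


class RegistrationError(Exception):
    """Raised when a registration request fails a trust check."""


def split_email(address):
    """Return (local, domain), both lower-cased, or raise on malformed input."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain or "@" in local:
        raise RegistrationError("malformed e-mail address")
    # Lower-casing the local part is a simplification used for uniqueness.
    return local.lower(), domain.lower().rstrip(".")


@dataclass
class AdministratorServer:
    entities: dict = field(default_factory=dict)   # NEID -> entity server domain
    consumers: dict = field(default_factory=dict)  # RCID -> (NEID, e-mail)

    def register_entity(self, server_domain):
        """Record a networked entity that has already been authenticated."""
        neid = "NEID-" + secrets.token_hex(8)
        self.entities[neid] = server_domain.lower().rstrip(".")
        return neid

    def register_consumer(self, neid, email):
        """Issue an RCID only for a consumer vouched for by a known entity."""
        entity_domain = self.entities.get(neid)
        if entity_domain is None:
            raise RegistrationError("unknown networked entity")
        local, domain = split_email(email)
        # Exact comparison: a suffix or substring test would accept
        # look-alike domains such as "corp.example.evil.test".
        if domain != entity_domain:
            raise RegistrationError("e-mail domain does not match entity server")
        normalized = local + "@" + domain
        if any(addr == normalized for _, addr in self.consumers.values()):
            raise RegistrationError("e-mail account already registered")
        rcid = "RCID-" + secrets.token_hex(8)
        self.consumers[rcid] = (neid, normalized)
        return rcid

    def entity_for(self, rcid):
        """Return the NEID behind a valid RCID, or None if the RCID is unknown."""
        record = self.consumers.get(rcid)
        return record[0] if record else None


def demo():
    """Run constructed registration attempts and return (e-mail, outcome) pairs."""
    admin = AdministratorServer()
    neid = admin.register_entity("corp.example")  # constructed sample domain
    attempts = [
        (neid, "alice@corp.example"),
        (neid, "ALICE@Corp.Example"),           # same account, different case
        (neid, "bob@corp.example.evil.test"),   # look-alike suffix
        (neid, "carol@notcorp.example"),        # look-alike prefix
        ("NEID-unknown", "dave@corp.example"),  # entity never registered
        (neid, "erin"),                         # not an e-mail address
    ]
    results = []
    for entity_id, email in attempts:
        try:
            admin.register_consumer(entity_id, email)
            results.append((email, "registered"))
        except RegistrationError as exc:
            results.append((email, str(exc)))
    return results


if __name__ == "__main__":
    for email, outcome in demo():
        print(f"{email:32} {outcome}")
```
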

In another embodiment, as illustrated in Figure 3, the intra-network system
23 is not required. In this embodiment, the networked consumers 27 associated
with the networked entity 17 are networked through the Internet 24, preferably via a
secure socket layer channel. Preferably, the networked entity 17 should require a
networked consumer identifier such as a login ID and password for the networked
consumers 27 to be able to access the server 19, and the login ID and the password
should be provided to the networked consumers 27 in a secure manner. It is further
preferred that the networked consumers 27 have a certain relationship with the
networked entity which requires the networked consumer to be authenticated to the
networked entity.

For example, a networked consumer who is networked via the Internet can 
be an account holder of a bank where the bank provides a Web portal (or a Web 
page) which is only accessible by account holders. In this situation, the account 
holders are bound to be well authenticated because banks typically require some 
authentication before an account can be opened. Moreover, if the bank were to have 
a Web portal which allows the account holder to make bank transactions through the 
Internet, unique identifiers are typically provided which may comprise particulars 
such as account number, account name, pin number (or password), etc. These
particulars are typically provided to the account holder in a secure way such as in 
person or by mail. 

Although in the embodiments shown in Figures 2 and 3 the business entities 
11 utilize an authenticating system 12, in another embodiment of the present
invention, the business entities 11 are not required to have an authenticating system,
or at least only an option is given to the business entities 11 to have such a system.
In the embodiment where an authenticating system is not used, the authentication is
performed offline by the operators of the administrative server 13. Various offline
authentication methods are possible, and are generally well known to those skilled
in the art. For instance, the operator may call the business entities, research them
through public records, or visit the business entities' sites. Other methods are
clearly possible. Yet in another embodiment, no formal authentication is performed 
at all. 

The confidentiality aspect of the security in the preferred embodiment of the 
present invention is addressed by deploying the well known and well utilized 2-way 
secure socket layer (SSL) channel 22 between the business entity PC or server 15 
and the administrator's server 13. The 2-way SSL channel is also used in the 
communication between administrator's server 13 and the networked entities server 
19. In the preferred embodiment, asymmetric 2-way 40-bit/128-bit encryption is
used. Although the use of an SSL channel is preferred, it should be understood that 
it is possible to implement the present system without employing the SSL channel, 
or a channel employing other types of security technologies. 

At least for certain types of transactions between the administrator 13 and 
the various parties, i.e., business entities, networked entities, and networked 
consumers, the authenticating systems 12 and 21 are used to authenticate the 
business entities and the networked entities, respectively. In the preferred
embodiment, the authenticating systems 12 and 21 employ the digital certificate
authentication protocol which is generally well known to those skilled in the art.
Generally, the digital certificate authentication process entails each of the
transacting parties obtaining a digital certificate (which is basically an encrypted file
containing information about the owner of the certificate) from a certificate
authority before any transaction is conducted. When a trusted transaction needs to
be performed, the transacting parties electronically exchange the certificates, and
after authenticating that the certificate is genuine, read the contents of the
certificate to verify the identity of the certificate owner.

A general overview of the methodology employed in facilitating a trusted 
sale of a product or service using the system 1 of Figure 2 or system 3 of Figure 3 is 
shown in Figure 5. In step 30, the business entity first registers with the 
administrator preferably by accessing the administrator's Web site and entering the 
requested information. In step 35, once the business entity is properly registered, the
business entity submits the details of the products and/or services to be sold to the
networked consumers so that they may be published on the administrator's Web site.
In step 40, the networked entity registers itself with the administrator. In step 45,
the networked consumer registers himself at the administrator's Web site. Once
properly registered, in step 50, the registered consumer accesses the administrator's
Web site, and makes selections of the goods and services he or she wishes to
purchase. In step 55, a payment for the goods and/or services is made or arranged to
be made. In step 60, the business entity delivers the selected product or performs
the service. 

In the case where the product or service being offered is a group benefits 
plan, the general methodology is a little different, and is shown in Figure 6.
Referring to Figure 6, in step 80, the group benefits provider (GBP) first develops a
general group benefits plan. Multiple plans may be created to suit the needs of
different customers. In step 85, the GBP registers with the administrator preferably
by accessing the administrator's Web site and entering the requested information. In
step 90, once the GBP is properly registered, the GBP submits the details of the
plans it has developed so that they may be published on the administrator's Web site
for viewing by the networked entities. The networked entities, to be able to access
the Web page containing the details of the plans, must first register with the
administrator which is performed in step 95. After a successful registration, in step
100, the networked entity accesses the administrator's Web site and obtains the 
details of the group benefits plans submitted by the GBP. In step 105, the 
networked entity (most likely through its human resource personnel) contacts the 
GBP and negotiates a group benefits plan which is customized for its networked 
consumers. When a consensus is reached, the customized group benefits plan is 
endorsed by the networked entity. 

Still referring to Figure 6, in step 110, the details of the endorsed group 
benefits plan are made available on the administrator's Web site. In step 115, the 
networked entity informs its networked consumers of the group benefits plan. 
Various methods may be employed for relaying the message to the employees, 
including e-mails, inter-office memorandums, brochures, telephone calls, etc. In 
step 120, the networked consumer registers himself at the administrator's Web site. 
Once properly registered, in step 125, the networked consumer accesses the 
administrator's Web site, and makes selections specific to the needs and wants of the 
individual networked consumer. In step 130, the GBP fulfills its obligations
(whether they be performance of service or delivery of goods) made under the group 
benefits plan. In step 135, the networked entity makes a payment to the GBP. 

To ensure that the networked entity's server 19 properly interfaces with 
administrator's server 13, some configuration of the networked entity's system may 
initially be needed by the personnel of the administrator 13. In the preferred 
embodiment, a custom Web page is provided in the networked entity's server 19 
which its networked consumers 25, 27 must access before being re-routed to the 
administrator's server 13. This would ensure proper control of the access to the 
administrator's Web pages 18 by the networked consumers 25, 27 so that no 
unauthorized actions on behalf of the networked entity 17 are performed by the
networked consumers 25, 27. The configuration may include providing special
access for the PCs being used by the networked entity's representative. This could be
accomplished, for instance, by setting a cookie in the PCs and thus future access
instances by the networked entity's representative are checked to have been done
from the specified PCs. The setting and checking of the cookies, thus, tightens the
security around the access by the networked entity's representative. Alternatively,
or in conjunction with the setting of the cookies, a special access code may be
provided to the networked entity's representative to allow him/her to access the Web
pages (whether located on the networked entity's server 19 or the administrator
server 13) to perform the various administrative functions, e.g., registration of the 
networked entity, on behalf of the networked entity. 

The registration of the business entity 11 and the networked entity 17 in 
steps 85 and 95 of Figure 6, respectively, is performed on a trusted communication
channel. Figure 7 illustrates the preferred methodology for registering the business
entity and the networked entity on a trusted communication channel between the
business entity PC or server 15 and the administrator's server 13, and between the
networked entity's server 19 and the administrator's server 13. Referring to Figure
7, in step 150, the business entity or networked entity accesses the administrator's
Web site and selects 'Registration'. The security engine 20 of the administrator's
server 13 authenticates the business entity or networked entity by exchanging the
digital certificates via the authenticating devices 12 and 21. In step 160, when the
digital certificate is received, the security engine 20 reads the name of the owner of
the certificate, and if the digital certificate is sent by a server, then the domain name
of the server. If the digital certificate is authenticated, the administrator server
allows the business entity or networked entity to register in step 165. In step 170,
the business entity or networked entity enters its particulars which include the
e-mail address of the contact person. The e-mail address serves as the login ID for the
business entity or the networked entity. If applicable, a check is performed in step
175 to ensure that the domain name of the entered e-mail matches that found in the
digital certificate, and that the e-mail address is still valid. In step 180, the
administrator e-mails to the business entity or networked entity a password. All of
the entered information is properly stored in the databases and classified under the
respective parties.

Because each business entity and networked entity has an authenticating
system, e.g., digital certificate system, authenticating the business entity and the 
networked entity is a straightforward process. On the other hand, authenticating 
each of the networked consumers is not as straightforward because the networked 
consumers' PCs do not individually have an authenticating system. Figure 8, 
therefore, illustrates the general methodology for establishing a trusted
communication channel between the administrator server 13 and the networked 
consumers' PCs 25 during the registration of the networked consumer. 

Referring to Figure 8, in step 200, the networked consumer uses his 
networked PC to log into the networked entity's intra-network system or the 
Internet. In step 205, the networked consumer accesses a specified Web page 
provided by the networked entity's server, which in most cases, will be custom 
developed by the operating personnel of the administrator server, and selects 
'Registration'. For those networked consumers using the Internet, an entry of proper 
login ID and/or password may be required. In step 210, the networked entity's Web 
page redirects the networked consumer to administrator's registration Web page. In 
step 215, the administrator authenticates the networked entity's server by 
exchanging the digital certificates and authenticating the one sent by the networked 
entity's server. The administrator also reads the name of the owner of the certificate 
and the domain name of the server which sent the certificate. In step 220, if the 
networked entity's server is properly authenticated, then the administrator allows the 
networked consumer to register. In step 225, the networked consumer enters his/her 
particulars including his/her e-mail address which will serve as his/her login ID. In
step 230, if the networked consumer is part of an intra-network system, the
administrator checks the entered e-mail address to ensure that the domain name
matches that which was read from the digital certificate. The administrator checks
to make certain that the e-mail is still valid using one of several commonly available
techniques. In step 235, the administrator e-mails to the networked consumer his/her
password. All of the entered information is properly stored in the databases. The
registration process is now completed, and the registered networked consumer will
be able to access the administrator's server using the login ID and password. 
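
The domain check of steps 175 and 230, as an added example that is not part of the patent text: it compares the domain of the entered e-mail address with the DNS names in an already-authenticated certificate. It assumes the certificate arrives as a dict shaped like the output of Python's ssl.SSLSocket.getpeercert(); the function names, the exact-host matching policy, the wildcard and internationalized-name handling, and the sample certificate are assumptions or constructed values.

```python
# Added example (not from the patent): e-mail domain vs. certificate names,
# as in steps 175 and 230. Chain validation is assumed to have been done already
# by the TLS layer; this code only compares names.

# Constructed sample, shaped like ssl.SSLSocket.getpeercert() output.
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Networked Entity"),),
                (("commonName", "legacy.example.net"),)),
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com"),
                       ("DNS", "xn--bcher-kva.example")),
}


def normalize_domain(name):
    """Return the lower-case ASCII (A-label) form of a DNS name, or None if unusable."""
    if name.endswith("."):                 # one trailing root dot is equivalent
        name = name[:-1]
    if not name or any(ch.isspace() for ch in name):
        return None
    try:
        return name.encode("idna").decode("ascii").lower()
    except UnicodeError:                   # empty or over-long label, bad code point
        return None


def email_domain(email):
    """Extract the normalized domain of a login e-mail address, or None if malformed."""
    if email.count("@") != 1 or any(ch.isspace() for ch in email):
        return None                        # strict on purpose: this value becomes a login ID
    local, domain = email.split("@")
    if not local:
        return None
    return normalize_domain(domain)


def cert_dns_names(cert):
    """DNS names from subjectAltName; commonName is used only when no SAN DNS entry exists."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        for rdn in cert.get("subject", ()):
            names.extend(value for key, value in rdn if key == "commonName")
    normalized = (normalize_domain(n) for n in names)
    return [n for n in normalized if n is not None]


def name_matches(cert_name, domain):
    """Exact match, or a leading '*.' wildcard that covers exactly one extra label."""
    if cert_name.startswith("*."):
        suffix = cert_name[1:]             # ".example.com"
        head = domain[: -len(suffix)]
        return domain.endswith(suffix) and head != "" and "." not in head
    return cert_name == domain


def email_domain_in_cert(email, cert):
    """True only if the e-mail's domain is one of the names the certificate vouches for."""
    domain = email_domain(email)
    if domain is None:
        return False
    return any(name_matches(n, domain) for n in cert_dns_names(cert))


if __name__ == "__main__":
    for address in ("alice@example.com", "bob@hr.example.com",
                    "eve@example.com.evil.test", "eve@notexample.com"):
        print(address, email_domain_in_cert(address, SAMPLE_CERT))
```

Comparing whole normalized names, rather than testing whether one string ends with the other, is what keeps look-alike domains such as `notexample.com` or `example.com.evil.test` from passing the check.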

After the registration process, the networked consumers 25, 27 are presumed 
to be authenticated. In doing so, some reliance is placed on the networked
consumers' ability to access the secure intra-network system 23, or in the case of
networked consumers using the system 3, the networked consumers' ability to 
access the Web site of the networked entity using the login ID and password 
provided by the networked entity. 

Once the networked consumers have been properly registered with the
administrator's system 13, the "registered consumers" need not go through the
networked entity 17 to access the administrator's Web sites 18, though the access
through this method is certainly still possible. Figure 4 illustrates a system 2 which
allows the registered consumers 26 to directly access the administrator's Web pages
18. As shown, the registered consumers' PCs 26 are now directly connected to the
administrator's server 13 via the Internet preferably through an SSL channel. By
providing the correct login ID and password which are assigned to the registered 
consumer 26, the registered consumers 26 are now able to access the administrator's 
Web pages 18 and make choices on purchases of goods and services and on group 
benefits plans. 

It should be understood that the term "registered consumer" will generally
refer to any networked consumer who is properly registered with the administrator
13, and not necessarily to those that are accessing the administrator's server 13 via
the system 2 shown in Figure 4, i.e., access without going through a networked
entity. Registered consumers can equally access the administrator's server 13 via
the system 1 shown in Figure 2 or the system 3 shown in Figure 3. Also, the term
"networked consumer" generally refers to a consumer who is properly networked
with a networked entity whether via the network shown in Figure 2 or Figure 3, and,
unless otherwise stated or implied, does not necessarily define or imply anything 
about the consumer's registration status or network status. 

The submission of the details of the products or services in step 35 of Figure
5 or group benefits plans in step 90 of Figure 6 is accomplished through an
interface, a Web page, provided on the administrator's Web site. To access this
Web page, the business entity accesses the home page of the administrator's Web
site which asks the user to choose among three choices: 1) Goods and Services
provider; 2) Networked Entity; and 3) Networked Consumer. The business entity
would choose item 1). The business entity would then be required to enter its login
ID and its password. The login ID would be the e-mail address of the contact person
the business entity had entered during its registration. Multiple IDs corresponding
to several contact persons may be allowed. The password is the one which was sent
by the administrator to the contact person's e-mail address. The administrator
matches the entered login ID and the password against its record in the databases 16,
and if a proper match is found, then the administrator allows the business entity to
access the next Web page 600 of Figure 16 which provides the business entity a
choice of the following:



1. Submit Details of Products/Services
2. Submit Details of Group Benefits Plan
3. Configure the Group Benefits Plan
4. See the List of Submitted Products/Services or Group Benefits Plans
5. View the List of Selected Products/Services
6. View the List of Selected Group Benefits Plans



Generally, choosing item 1, 605, allows the business entity to submit details
about general products and/or services which are not part of a group benefits plan
and which do not need to be negotiated with the networked entity before being made
available to networked consumers. Choosing item 2, 610, allows the business entity
to submit details about group benefits plans which do need to be negotiated with the
networked entity. Choosing item 3, 615, allows the business entity to configure a
plan to meet the terms as negotiated with the networked entity. Choosing item 4,
620, allows the business entity to see a list of submitted details for all
products/services and group benefits plans. Choosing item 5, 625, allows the
business entity to see a list of products/services which have been selected for
purchase by the networked consumers. Choosing item 6, 630, allows the business
entity to see a list of group benefits plans which have been negotiated and/or 
endorsed by the networked entity, and the endorsed group benefits plans which have 
been selected by the networked consumers. 

When any of the above choices are selected, the business entity is shown a
list of industries such as insurance, banking, telecommunications, etc. one of which
the business entity selects. If item 1, 605, above is selected, then the business entity
is shown the Web page 245 as illustrated in Figure 9. Although, in this case, the
telecommunication industry was chosen, the interfaces for the other industries are
generally the same. The Web page 245 basically comprises a field for the
product/service 250, price 255, detailed description of the product/service 260, and
optionally, the market value of the product/service 265. The field 250 requires an
input of the name of the product/service. The field 255 requires an input of the
price the business entity is charging for the product/service. Presumably, the price
may be discounted from the normal market price since the payment default rate will
be lower due to the authentication feature provided by the present system. The field
260 requires an input of the detailed description of the product/service. The field
265, if provided, requires an input of the price of the product/service being offered
in the market without a discount. The particulars of additional products/services
may be entered by selecting the "Next" 270 option at the bottom of the Web page
245. All of the entered information is stored in the databases 16 and properly
categorized under the respective business entities and industries. Moreover, each of
the products/services is assigned a unique Product/Service Identifier
(Product/Service ID) which is also stored in the databases 16.

Figure 10 illustrates the Web page 295 that appears when item 2 above is
selected by the business entity. Although, in this case, the insurance industry was
chosen, the interfaces for the other industries are generally the same. The Web page
295 basically comprises a field for the title of the group benefits plan 300, price 305, 
detailed description of the plan 310, and optionally, the market value of the plan 
315. The field 300 requires an input of the name of the group benefits plan. The 
field 305 requires an input of the price the business entity is charging for the group 
benefits plan. Presumably, the price may be discounted from the normal market 
price since the payment default rate will be lower due to the authentication provided 
by the present system. The field 310 requires an input of the detailed description of 
the plan. The field 315, if provided, requires an input of the price of the plan being 
offered in the market without a discount. The particulars of additional plans may be 
entered by selecting the "Next" 320 option at the bottom of the Web page. All of the 
entered information is stored in the databases 16 and properly categorized under the 
respective business entities and industries. Moreover, each of the plans is assigned 
a unique Plan Identifier (Plan ID) which is also stored in the databases 16. 

In addition to the information described above, the Web page 295 of Figure 
10 may provide "advertisements" in an attempt to "cross-sell" or "up-sell" some of 
its other goods or services which may or may not be part of the plan. For instance, 
take a situation where the group benefits plan involves a basic mobile phone service 
where a monthly fee is charged. The basic service includes 120 minutes for "free"
(i.e., no additional per-minute charges) but voice mail is not included. As a
"cross-sell", the business entity may provide information about mobile phones, or other
products related to a mobile phone subscription service. As an "up-sell", the
business entity may provide information about a plan that includes unlimited
minutes for free and a voice mail service. Alternatively, the Web page 295 may
simply provide a hyperlink to another Web page which provides the information 
about cross-sell and up-sell products. 

When the item 3, 615, above is selected, the business entity is shown a Web 
page 395 of Figure 13 which allows the business entity operator to configure a 
group benefits plan to meet the specific needs and wants of a particular networked 
entity. The details of this plan configurator are shown and described further below.

When the item 4, 620, is selected, the business entity operator is shown a list
of the submitted products/services and group benefits plans. By selecting an item 
on the list, the business entity is shown the details of the submitted information 
relating to the chosen product/service or group benefits plan. An option may be 
provided to allow the business entity to make changes to the listing or add additional 
products/services or plans. 

For the items which were entered from the Web page 245 shown in Figure 9, 
they are immediately provided for viewing and for purchase to the networked 
consumer because generally no negotiations are needed between the business entity 
operator and the networked entities. On the other hand, the group benefits plans 
which were entered from the Web page 295 shown in Figure 10 must first be 
endorsed by a networked entity before they are available to the networked 
consumers. Therefore, the pre-negotiated versions of the plans are only available 
for viewing by the networked entities. 

To access these pre-negotiated plans, the networked entity accesses the home 
page of the administrator's Web site which asks the user to choose among three 
choices: 1) Goods and Services provider; 2) Networked Entity; and 3) Networked 
Consumer. The networked entity would choose item 2). The business entity would 
then be required to enter its login ID and its password. The login ID would be the
e-mail address of the contact person the networked entity had entered during its
registration. The password is the one which was sent by the administrator to the 
contact person's e-mail address, though it may be changed later by the user. The 
administrator matches the entered login ID and the password against its records in 
the databases 16, and if a proper match is found, then the administrator allows the 
networked entity to access the next Web page 650 of Figure 17 which provides the 
networked entity a choice of the following: 

1. View the List of Products/Services
2. View the List of Pre-Negotiated Group Benefits Plans
3. View the List of Negotiated Group Benefits Plans
4. View the List of Endorsed Group Benefits Plans

When any of the above choices are selected, the networked entity is shown a 
list of industries such as insurance, banking, telecommunications, etc. one of which 
the networked entity selects. If item 1, 655, is selected, then the networked entity is
shown a list of business entities which have submitted details of products/services
under the industry chosen. This list is generally available to any networked entity
registered with the system and is not specific to any one particular networked entity.
The list is also available to any registered networked consumers from any registered
networked entity.

If item 2, 660, is selected, then the networked entity is shown a list of 
business entities which have submitted details of group benefits plans under the 
industry chosen which have not been negotiated or endorsed by the networked 
entity. This list is generally available to any networked entity registered with the 
system and is not specific to any one particular networked entity.

If item 3, 665, is selected, then the networked entity is shown a list of 
business entities that have submitted details of group benefits plans under the 
industry chosen which have been negotiated by the parties and configured by the 
business entity, but which have not been "endorsed" by the networked entity. This 
list is specific to the particular networked entity making the selection, and is not
available to the other networked entities or any of the networked consumers. 

If item 4, 670, is selected, then the networked entity is shown a list of 
business entities that have submitted details of group benefits plans under the 
industry chosen which have been "endorsed" by the networked entity. This list is
specific to the particular networked entity making the selection, and is not available
to the other networked entities, but is made available to the networked consumers
belonging to the networked entity that has endorsed the plans.

Assuming now that the networked entity has chosen item 2, 660, (View the 
List of Pre-Negotiated Group Benefits Plans), and chosen an industry, e.g.
telecommunication, the networked entity is shown a list of group benefits providers
(GBPs) that have provided details of group benefits plans. When a particular GBP
is chosen off the list, the networked entity is shown a Web page 340 as illustrated in
Figure 11 (including some sample data for illustrative purposes only). The Web
page provides in general the plan ID 345, here 1234567XYZ; the industry 350, here
telecommunications; the name and contact information of the provider 355, here
XYZ Telecommunication Company (no sample contact particulars); the title of the 
plan 360, here Plan X; the price of the plan 365, here $50/mo.; the detailed 
description of the plan 370 (no sample data provided); and the market value of the 
plan 375 (if provided by the provider) here $70/mo. 

If the networked entity is interested in the plan, the networked entity
(through its human resources manager or other representative) contacts the GBP and
negotiates and customizes the plan to meet the needs and wants of the networked
entity on behalf of its networked consumers. Typically, the negotiated terms may
involve price where further discount may be requested by the networked entity. If
the details of the plan itself need to be modified, the GBP may have to create a new
plan and submit it to the system. 

When the terms and conditions have been reached, the business entity 
accesses the Web page 600 of Figure 16 and selects item 3, 615. The business 
entity is shown a list of the pre-negotiated group benefits plans it had submitted.
The business entity selects the plan which had been the topic of the negotiation.
When selected, a plan configurator interface is shown as illustrated in Figure 13.
The plan configurator page 395 includes the basic information relating to the plan in
its pre-negotiated form including the plan ID 400, the industry 405, provider/contact
info. 410, plan title 415, price of plan 420, detailed description of the plan, market
value of the plan 435. The data for the heading Price of Plan 420 is provided within
a modifiable field 425. Generally, most of the data provided is not modifiable 
except that which is provided in a field. The configurator, thus, allows the business 
entity to change the figure in the Price of Plan data field 425 to reflect the negotiated 
price. 

The configurator further includes the heading Negotiated Party's ID 440 and
a field 445 for entering the information. In this field 445, the business entity enters
the identifier for the networked entity whom it had negotiated the plan with. Once
all of the information has been entered and reviewed, the heading Submit 450 is
chosen.

When the information is submitted, it is deemed to have been negotiated 
(but not yet endorsed) which can now be viewed by the networked entity by 
choosing the option 3, 665, "View the List of Negotiated Group Benefits Plans" of
Figure 17. This option allows the networked entity to view the list of all of the
group benefits plans which have been negotiated by the networked entity. Note that
several GBPs may have submitted negotiated plans which are available for the
networked entity's choosing. Once the networked entity has had an opportunity to
review all of the negotiated plans, it can endorse the plan or plans which best meet
its requirements. Because this list is specific to each networked entity, it is only
available for viewing for the networked entity having the identifier which matches
the one entered by the business entity in Figure 13 when the authentication process 
is performed. 

When the networked entity is ready to endorse a plan or plans, it selects 
option 3, 665, "View the List of Negotiated Group Benefits Plans" of Figure 14, and
selects one of the plans shown on the list. The networked entity is then shown the
Web page 900 of Figure 12 (including some sample data for illustrative purposes
only). The Web page 900 provides in general the networked entity identifier 905,
here 45678LMO; plan ID 910, here 1234567XYZ; the industry 915, here
telecommunications; the name and contact information of the provider 920, here
XYZ Telecommunication Company (no sample contact particulars); the title of the
plan 925, here Plan X; the negotiated price of the plan 930, here $40/mo.; the
detailed description of the plan 935 (no sample data provided); and the market value
of the plan 940 (if provided by the provider) here $70/mo. Additionally, the Web
page 900 is provided with the heading "Endorse" 945 which, when selected,
converts the negotiated plan into an endorsed plan.
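
The plan lifecycle and list visibility described above (pre-negotiated, negotiated for one networked entity, endorsed by that entity), written as a server-side authorization check in an added example that is not part of the patent text. The class and function names are hypothetical, the rule that only the named networked entity may endorse is an assumption drawn from the list being visible only to that entity, and the second entity identifier in the test data is constructed; the other sample values are those of Figures 11 and 12.

```python
# Added example (not from the patent): who may see or change a group benefits plan.
from dataclasses import dataclass, replace
from enum import Enum
from typing import Optional


class PlanState(Enum):
    PRE_NEGOTIATED = "pre-negotiated"   # submitted by the GBP (Figure 10)
    NEGOTIATED = "negotiated"           # configured for one networked entity (Figure 13)
    ENDORSED = "endorsed"               # endorsed by that networked entity (Figure 12)


@dataclass(frozen=True)
class Plan:
    plan_id: str
    provider: str
    price: str
    state: PlanState = PlanState.PRE_NEGOTIATED
    negotiated_party: Optional[str] = None   # "Negotiated Party's ID" field 445


@dataclass(frozen=True)
class Viewer:
    role: str       # "business_entity", "networked_entity" or "consumer"
    party_id: str   # provider name, networked entity ID, or the consumer's entity ID


def configure(plan, actor, price, negotiated_party):
    """Plan configurator: the submitting provider creates a negotiated version."""
    if actor.role != "business_entity" or actor.party_id != plan.provider:
        raise PermissionError("only the submitting provider may configure a plan")
    if plan.state is not PlanState.PRE_NEGOTIATED:
        raise ValueError("only a pre-negotiated plan can be configured")
    # A new version is returned; the pre-negotiated plan stays listed for everyone.
    return replace(plan, price=price, state=PlanState.NEGOTIATED,
                   negotiated_party=negotiated_party)


def may_endorse(plan, actor):
    """Assumed rule: only the networked entity named in the negotiated plan may endorse."""
    return (plan.state is PlanState.NEGOTIATED
            and actor.role == "networked_entity"
            and actor.party_id == plan.negotiated_party)


def endorse(plan, actor):
    if not may_endorse(plan, actor):
        raise PermissionError("actor may not endorse this plan")
    return replace(plan, state=PlanState.ENDORSED)


def can_view(viewer, plan):
    """Evaluate on every request for a plan, not only when the menu list is built."""
    if viewer.role == "business_entity":
        return viewer.party_id == plan.provider
    if viewer.role == "networked_entity":
        if plan.state is PlanState.PRE_NEGOTIATED:
            return True                               # item 2 list: any registered entity
        return viewer.party_id == plan.negotiated_party   # items 3 and 4 lists
    if viewer.role == "consumer":
        return (plan.state is PlanState.ENDORSED
                and viewer.party_id == plan.negotiated_party)
    return False


def visible(viewer, plans):
    """The (plan ID, state, price) rows a viewer is allowed to list."""
    return [(p.plan_id, p.state.value, p.price) for p in plans if can_view(viewer, p)]
```
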

After a group benefits plan has been endorsed by the networked entity, the
registered consumers 26 are able to make decisions on the plan. To access the Web
page showing the endorsed plan, the registered consumer accesses the home page of
the administrator's Web site which asks the user to choose among three choices: 1)
Goods and Service provider; 2) Networked Entity; and 3) Consumer. The registered
consumer would choose item 3). The registered consumer 26 would then be
required to enter its login ID and its password. The login ID would be the e-mail
address the registered consumer had entered during its registration. The password is
the one which was sent by the administrator to the registered consumer's e-mail
address, though an option may be provided to later change the password. The
administrator matches the entered login ID and the password against its record in the 
databases 16, and if a proper match is found, then the administrator allows the 
registered consumer to access the next Web page 700 of Figure 18 which provides 
the business entity a choice of the following: 

1. View the List of Products and Services 

2. View the List of Endorsed Group Benefits Plans 

When either of the above choices is selected, the registered consumer is 
shown a list of industries such as insurance, banking, telecommunications, etc. one 
of which the registered consumer selects. If item 1, 705, is selected, then the 
registered consumer is shown a list of business entities which have submitted details 
of products/services under the industry chosen. This list is generally available to any 
registered networked entity 17 and registered consumers and is not specific to any 
one particular party. 

If item 2, 710, is selected, then the registered consumer is shown a list of 
group benefits plans under the industry chosen which have been endorsed by the 
networked entity. This list is specific to the particular networked entity which the 
registered consumer is a member of, and is not available to the registered consumers 
that belong to other networked entities. 

Assuming now that the registered consumer has chosen item 2, 710, (View 
the List of Endorsed Group Benefits Plans), and chosen an industry, e.g. 
telecommunication, the networked entity is shown a list of group benefits providers 
(GBPs) that have provided details of group benefits plans. When a particular GBP 
is chosen off the list, the networked entity is shown a Web page 490 as illustrated in 
Figure 14 (including some sample data for illustrative purposes only). This page 
can also be viewed by the networked entity by choosing item 4, 670, on the Web 
page 650 of Figure 17. The Web page 490 provides in general the networked entity 
identifier 495, here 45678LMO; plan ID 500, here 1234567XYZ; industry 505, here 
telecommunications; the name and contact information of the provider 510, here 
XYZ Telecommunication Company (no sample contact particulars); the title of the 
plan 515, here Plan X; the price of the plan 520, here $40/mo.; the detailed 
description of the plan 525 (no sample data provided); and the market value of the 
plan 530 (if provided by the provider) here $70/mo. Additional information may be 
obtained by selecting the "More Information" 535 option which may be hyperlinked 
to the business entity's own Web page. If the registered consumer wishes to sign 
onto the plan, the "Accept" 540 option is chosen. For each registered consumer who 
chooses to sign onto a group benefits plan, the details of the transaction including 
the identity of the consumer, the plan ID, date, etc. are stored in the databases 16 
and properly catalogued for retrieval. 
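
The consumer-side flow described above (the login ID and password matched against the administrator's records, then an endorsed-plan list limited to the consumer's own networked entity) is sketched below as an added example that is not part of the original disclosure. The class and function names, the salted PBKDF2 password storage, the second entity 99999ABC and every plan ID other than 1234567XYZ are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumption: the disclosure does not say how passwords are stored; this
# sketch keeps a salted PBKDF2 hash instead of the password itself.
PBKDF2_ROUNDS = 200_000


def derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


@dataclass(frozen=True)
class Consumer:
    login_id: str   # e-mail address entered at registration
    neid: str       # networked entity the consumer registered through
    salt: bytes
    pw_hash: bytes


@dataclass
class Plan:
    plan_id: str
    neid: str       # networked entity the plan was negotiated with
    industry: str
    title: str
    price: str
    endorsed: bool = False


class Administrator:
    """Hypothetical stand-in for the administrator's server and databases 16."""

    def __init__(self) -> None:
        self._consumers: Dict[str, Consumer] = {}
        self._plans: Dict[str, Plan] = {}
        self._dummy_salt = os.urandom(16)

    def register_consumer(self, login_id: str, neid: str, password: str) -> None:
        salt = os.urandom(16)
        key = login_id.lower()
        self._consumers[key] = Consumer(key, neid, salt, derive(password, salt))

    def add_negotiated_plan(self, plan: Plan) -> None:
        self._plans[plan.plan_id] = plan

    def endorse(self, acting_neid: str, plan_id: str) -> bool:
        # Only the entity the plan was negotiated with may endorse it.
        plan = self._plans.get(plan_id)
        if plan is None or plan.neid != acting_neid:
            return False
        plan.endorsed = True
        return True

    def login(self, login_id: str, password: str) -> Optional[Consumer]:
        record = self._consumers.get(login_id.lower())
        # Derive even for unknown logins so both failure paths do the same
        # work, then compare in constant time.
        salt = record.salt if record else self._dummy_salt
        candidate = derive(password, salt)
        if record is None or not hmac.compare_digest(candidate, record.pw_hash):
            return None
        return record

    def endorsed_plans(self, consumer: Consumer, industry: str) -> List[Plan]:
        # The entity scope comes from the stored consumer record, never from
        # a value supplied with the request.
        return [p for p in self._plans.values()
                if p.endorsed and p.industry == industry and p.neid == consumer.neid]


def build_demo() -> Administrator:
    """Constructed sample data; 45678LMO and 1234567XYZ are the page's samples."""
    admin = Administrator()
    admin.register_consumer("alice@lmo.example", "45678LMO", "pw-alice")
    admin.register_consumer("bob@abc.example", "99999ABC", "pw-bob")
    admin.add_negotiated_plan(Plan("1234567XYZ", "45678LMO", "telecommunications", "Plan X", "$40/mo."))
    admin.add_negotiated_plan(Plan("2222222NEG", "45678LMO", "telecommunications", "Plan Y", "$55/mo."))
    admin.add_negotiated_plan(Plan("7777777QRS", "99999ABC", "telecommunications", "Plan Q", "$35/mo."))
    admin.endorse("45678LMO", "1234567XYZ")
    admin.endorse("99999ABC", "7777777QRS")
    return admin


if __name__ == "__main__":
    admin = build_demo()
    alice = admin.login("alice@lmo.example", "pw-alice")
    print([p.plan_id for p in admin.endorsed_plans(alice, "telecommunications")])
```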

If on the other hand, the registered consumer has chosen item 1, 705, (View 
the List of Products and Services) of Figure 18, and chosen an industry, e.g. 
telecommunication, the networked entity is shown a list of business entities that 
have provided details of products and services. When a particular business entity is 
chosen off the list, the networked entity is shown a Web page 545 as illustrated in 
Figure 15 (including some sample data for illustrative purposes only). The Web 
page 545 provides in general the product/service identifier (ID) 550, here 
7654321JKL; industry 555, here telecommunications; the name and contact 
information of the provider 560, here XYZ Telecommunication Company (no 
sample contact particulars); the name of the product or service 565, here mobile 
phone Model Z; the price of the product/service, here $100; the detailed description 
of the product/service (no sample data provided); and the market value of the 
product/service 580 (if provided by the provider) here $120. Additional information 
may be obtained by selecting the "More Information" 585 option which may be 
hyperlinked to the business entity's own Web page which describes the 
product/service in greater detail. If the registered consumer wishes to purchase the 
product/service, the "Add to Shopping Cart" 590 option is chosen. When the "Add 
to Shopping Cart" 590 option is chosen, the product/service ID 550 is temporarily 
stored in a temporary storage area of the databases 16, until the purchase is 
confirmed by the consumer. 

Once the selections of products/services and/or group benefits plans have 
been made by the networked consumers, the business entity needs to deliver the 
chosen products or perform the chosen services, and also to invoice the transactions, 
if necessary. To view the list of products and/or services chosen by the networked 
consumers, the business entity chooses item 5, 625, from the Web page 600 of 
Figure 16. This option shows a list of the registered consumers that have selected a 
product/service for purchase. The list can alternatively be viewed by the 
products/services chosen rather than by consumers. For each of the items on the 
list, the details of the transaction are provided which can include, the date, 
purchased price, product/service identifier, networked consumer identifier, 
associated networked entity identifier, number of units purchased, etc. The 
information can be linked to an invoicing system such that the purchased items may 
be invoiced to the consumer making the purchase. Alternatively, the invoice may be 
sent to the associated networked entity if the payment is to be made through a 
special account the networked consumer has with the networked entity. 

To view the selections made on the group benefits plans, the business entity 
selects item 6, 630, from the Web page 600 of Figure 16. This selection shows the 
following choices: 

1. View the List of Negotiated Group Benefits Plans 

2. View the List of Endorsed Group Benefits Plans 

3. View the List of Selected Group Benefits Plans 

Choosing item 1 above shows a list of the group benefits plans which have been 
negotiated with the various networked entities, and which have been configured by 
the business entity. The business entity will have access to all of the group benefits 
plans belonging to the various networked entities which the business entity took a 
part in. When one of the negotiated group benefits plans is selected, the business 
entity is shown the Web page 900 of Figure 12. 

Choosing item 2 above shows a list of the group benefits plans which have 
been endorsed by the various networked entities. When one of them is selected, the 
business entity is shown the Web page 490 of Figure 14. 

Choosing item 3 above shows a list of the registered consumers that have 
selected a group benefits plan. The list can alternatively be viewed by the group 
benefits plans chosen. For each of the items on the list, the details of the transaction 
are provided which can include, the date, purchased price, group benefits plan 
identifier, networked consumer identifier, associated networked entity identifier, etc. 
The information can be linked to an invoicing system such that the plans may be 
invoiced to the associated networked entity. 

A number of payment schemes is possible. In the preferred embodiment, the 
payment of the group benefits plan is made by the networked entities and it follows 
the customary offline invoicing procedure of the networked entity 17. In one 
embodiment, the networked entity 17 is billed on a monthly basis. The payment is 
based on the number and type of group benefits plans signed on by the networked 
consumers, the details of which are provided along with the invoice. The details of 
the transactions can also be made available on the administrator's Web pages 18 and 
which can be accessed by the networked entity 17 having the proper login ID and 
password. Alternatively, the payment may be made on-line using any of the 
available on-line payment systems such as a secure credit card payment system 
which are well known to those skilled in the art. 

For the purchases of products/services made by the networked consumers 
25, the payment can be made either directly by the consumer 25 or via the 
networked entity's account. Where the payment is made directly by the consumer 
25, it may be made using any of the available on-line payment systems such as a 
secure credit card payment system. Alternatively, the consumer 25 may be billed 
offline. Where the payment is made through the networked entity's account, the 
payment is made using one of the payment schemes described above for the 
networked entity, and the amount is charged to the networked consumer's account 
with the networked entity, if any exists, or deducted from the networked consumer's 
salary if the networked consumer is an employee of the networked entity. 
Furthermore, if the group benefits plan is only partially subsidized by the network 
entity, the payment may also be made either directly by the consumer or via the 
consumer's account with the networked entity where the consumer is credited with 
the subsidy. Alternatively, the networked entity may make the payment, and the 
networked consumer is responsible for paying the difference between the price and 
the subsidy, or this amount is charged to the consumer's account with networked 
entity. 

The present invention may be embodied in other specific forms without 
departing from the spirit or essential characteristics thereof. For instance, although 
here it was described that an e-mail address and a password were used as an 
identifier for uniquely identifying a business entity, networked entity, and a 
networked (or registered) consumer, it should be understood that other forms of 
identifier or identifiers may be used so long as they perform the same function as 
that which is shown and described herein. The presently disclosed embodiments are, 
therefore, to be considered in all respects as illustrative and not restrictive, the scope 
of the invention being indicated by the appended claims and all changes which come 
within the meaning and range of equivalency of the claims are, therefore, to be 
embraced therein. 

CLAIMS 

We Claim: 

1. A method facilitated by a computer network to accomplish a trusted transaction 
between a business entity and a networked consumer, comprising the acts of: 

providing an administrative server having a communications channel for 
electronically communicating with the business entity and having a communications 
channel for electronically communicating with a networked entity and the 
networked consumer; 

providing a business registration system in the administrative server wherein 
the business entity can be authenticated and a unique identifier is assigned to the 
business entity (BEID), whereby the business entity is designated a registered 
business entity; 

allowing the registered business entity to selectively access the 
administrative server to submit details of products and/or services provided by the 
registered business entity and to view selections made by the networked consumer 
wherein the administrative server will store the details of products and/or services 
provided by the registered business entity; 

providing a networked entity registration system in the administrative server 
wherein the networked entity can be authenticated, whereby the networked entity is 
designated a registered networked entity; and 

providing a networked consumer registration system in the administrative 
server whereby a networked consumer who has authorized access to a registered 
networked entity's system can be designated a registered consumer and assigned a 
unique registered consumer identifier (RCID), and whereby a registered consumer 
with a valid RCID will be allowed access to data provided by a registered business 
entity and to make selections on the data, the selections being stored in the 
administrative server. 






2. The method as recited in Claim 1 wherein the registered consumer has 
authorized access to the registered networked entity's system through the registered 
networked entity's intra-network system. 

3. The method as recited in Claim 1 wherein the registered consumer has 
authorized access to the registered networked entity's system through an Internet 
system. 

4. The method as recited in Claim 1 further comprising the act of providing an 
on-line payment system where a registered consumer can make payments to a 
business entity for goods and/or services selected by the registered consumer. 

5. The method as recited in Claim 1 wherein the communications channels 
employ a secure socket layer protocol. 

6. The method as recited in Claim 1 wherein the identifiers comprise an e-mail 
address and a password. 

7. The method as recited in Claim 6 wherein a process for designating a 
business entity as a registered business entity, comprising the acts of: 

receiving registration information from the business entity including an e- 
mail address of a contact person for the business entity; 
authenticating the business entity; 
assigning a password to the business entity; and 
electronically sending the password to the received e-mail address. 

8. The method as recited in Claim 6 wherein a process for designating a 
networked entity as a registered networked entity, comprising the acts of: 

receiving registration information from the networked entity including an e- 
mail address of a contact person for the networked entity; 
authenticating the networked entity; 

assigning a password for the networked entity; and 

electronically sending the password to the received e-mail address. 

9. The method as recited in Claim 6 wherein a process for designating a 
networked consumer as a registered consumer comprises the acts of: 

receiving registration information from the networked consumer including 
an e-mail address of the networked consumer; 

authenticating the registered networked entity; 
assigning a password to the networked consumer; and 
electronically sending the password to the received e-mail address. 

10. The method as recited in Claim 1 wherein the authentication is 
accomplished by exchanging digital certificates. 

11. The method as recited in Claim 1 further comprising the act of 
authenticating the registered networked entity prior to designating the networked 
consumer as a registered consumer. 

12. The method as recited in Claim 4 wherein the identifier comprises an e-mail 
address and a password. 

13. The method as recited in Claim 12 wherein a process for designating a 
business entity as a registered business entity, comprising the acts of: 

receiving registration information from the business entity including an e- 
mail address of a contact person for the business entity; 
authenticating the business entity; 
assigning a password to the business entity; and 
electronically sending the password to the received e-mail address. 

14. The method as recited in Claim 12 wherein a process for designating a 
networked entity as a registered networked entity, comprising the acts of: 

receiving registration information from the networked entity including an e- 
mail address of a contact person for the networked entity; 
authenticating the networked entity; 
assigning a password for the networked entity; and 
electronically sending the password to the received e-mail address. 

15. The method as recited in Claim 12 wherein a process for designating a 
networked consumer as a registered consumer comprises the acts of: 

receiving registration information from the networked consumer including 
an e-mail address of the networked consumer; 
authenticating the registered networked; 
assigning a password to the networked consumer; and 
electronically sending the password to the received e-mail address. 

16. A method facilitated by a computer network to accomplish a trusted transaction 
of a group benefits plan involving a business entity, a networked entity, and a 
networked consumer, comprising the acts of: 

providing an administrative server having a communications channel for 
electronically communicating with the business entity and having a communications 
channel for electronically communicating with the networked entity and networked 
consumer; 

providing a business registration system in the administrative server wherein 
the business entity can be authenticated and a unique identifier is assigned to the 
business entity (BEID), whereby the business entity is designated a registered 
business entity; 

allowing the registered business entity to selectively access the 
administrative server to submit details of group benefits plans provided by the 
registered business entity and to view selections made by the networked consumer 
wherein the administrative server will store the details of the group benefits plans 
provided by the registered business entity; 

providing a networked entity registration system in the administrative server 
wherein the networked entity can be authenticated and a unique identifier is 
assigned to the networked entity (NEID), whereby the networked entity is 
designated a registered networked entity; 

allowing the registered networked entity to selectively access the details of 
the group benefits plans provided by a registered business entity and to endorse the 
group benefits plans wherein the administrative server will store the group benefits 
plans endorsed by the networked entity; and 

providing a networked consumer registration system in the administrative 
server whereby a networked consumer who has authorized access to a registered 
networked entity's system can be designated a registered consumer and assigned a 
unique registered consumer identifier (RCID), and whereby a registered consumer 
with a valid RCID will be allowed access to the endorsed group benefits plans and 
will be allowed to make selections on the endorsed group benefits plans. 

17. The method as recited in Claim 16 wherein the registered consumer has 
authorized access to the registered networked entity's system through the registered 
networked entity's intra-network system. 

18. The method as recited in Claim 16 wherein the registered consumer has 
authorized access to the registered networked entity's system through an Internet 
system. 

19. The method as recited in Claim 16 further comprising the act of providing an 
on-line payment system where a registered networked entity can make payments to a 
business entity for group benefits plans selected by a registered consumer. 

20. The method as recited in Claim 16 wherein the communications channels 
employ a secure socket layer protocol. 

21. The method as recited in Claim 16 wherein the identifiers comprise an e- 
mail address and a password. 

22. The method as recited in Claim 21 wherein a process for designating a 
business entity as a registered business entity comprising the acts of: 

receiving registration information from the business entity including an e- 
mail address of a contact person for the business entity; 
authenticating the business entity; 
assigning a password to the business entity; and 
electronically sending the password to the received e-mail address. 

23. The method as recited in Claim 21 wherein a process for designating a 
networked entity as a registered networked entity comprising the acts of: 

receiving registration information from the networked entity including an e- 
mail address of a contact person for the networked entity; 
authenticating the networked entity; 
assigning a password to the networked entity; and 
electronically sending the password to the received e-mail address. 

24. The method as recited in Claim 21 wherein a process for designating a 
networked consumer as a registered consumer comprises the acts of: 

receiving registration information from the networked consumer including 
an e-mail address of the networked consumer; 
authenticating the registered networked entity; 
assigning a password to the networked consumer; and 
electronically sending the password to the received e-mail address. 

25. The method as recited in Claim 16 wherein the authentication is 
accomplished by exchanging digital certificates. 

26. The method as recited in Claim 16 further comprising the act of 
authenticating the registered networked entity prior to designating the networked 
consumer as a registered consumer. 

27. The method as recited in Claim 19 wherein the identifier comprises an e- 
mail address and a password. 

28. The method as recited in Claim 27 wherein a process for designating a 
business entity as a registered business entity comprising the acts of: 

receiving registration information from the business entity including an e- 
mail address of a contact person for the business entity; 
authenticating the business entity; 
assigning a password to the business entity; and 
electronically sending the password to the received e-mail address. 

29. The method as recited in Claim 27 wherein a process for designating a 
networked entity as a registered networked entity comprising the acts of: 

receiving registration information from the networked entity including an e- 
mail address of a contact person for the networked entity; 
authenticating the networked entity; 
assigning a password to the networked entity; and 
electronically sending the password to the received e-mail address. 

30. The method as recited in Claim 27 wherein a process for designating a 
networked consumer as a registered consumer comprises the acts of: 

receiving registration information from the networked consumer including 
an e-mail address of the networked consumer; 
authenticating the registered networked entity; 
assigning a password to the networked consumer; and 
electronically sending the password to the received e-mail address. 

31. An administrative server apparatus for facilitating a trusted transaction 
between a business entity and a networked consumer comprising: 

a communication mechanism for allowing the administrative server to 
electronically communicate with the business entity and a communication 
mechanism for allowing the administrative server to electronically communicate 
with a networked entity and the networked consumer; 

a business registration mechanism wherein the business entity can be 
authenticated and a unique identifier is assigned to the business entity (BEID), 
whereby the business entity is designated a registered business entity; 

a mechanism for allowing the registered business entity to selectively access 
the administrative server to submit details of products and/or services provided by 
the registered business entity and to view selections made by the networked 
consumer, and a storage device for storing the details of products and/or services 
provided by the registered business entity; 

a networked entity registration mechanism wherein the networked entity can 
be authenticated, whereby the networked entity is designated a registered networked 
entity; and 

a networked consumer registration mechanism whereby a networked 
consumer having authorized access to a registered networked entity's system can be 
designated a registered consumer and assigned a unique registered consumer 
identifier (RCID), and whereby a registered consumer with a valid RCID will be 
allowed access to data provided by a registered business entity and make selections 
on the data, the selections being stored in the storage device of the administrative 
server apparatus. 

32. The apparatus as recited in Claim 31 wherein the registered consumer has 
authorized access to the registered networked entity's system through the registered 
networked entity's intra-network system. 

33. The apparatus as recited in Claim 31 wherein the registered consumer has 
authorized access to the registered networked entity's system through an Internet 
system. 

34. The apparatus as recited in Claim 31 further comprising an on-line payment 
mechanism where a registered consumer can make payments to a business entity for 
goods and/or services selected by the registered consumer. 

35. The apparatus as recited in Claim 31 wherein the communications 
mechanisms employ a secure socket layer protocol. 

36. The apparatus as recited in Claim 31 wherein the identifiers comprise an e- 
mail address and a password. 

37. The apparatus as recited in Claim 36 wherein the business entity registration 
mechanism comprises: 

a mechanism for receiving registration information from the business entity 
including an e-mail address of a contact person for the business entity; 

a mechanism for authenticating the business entity; 

a mechanism for assigning a password to the business entity; and 

a mechanism for electronically sending the password to the received e-mail 
address. 

38. The apparatus as recited in Claim 36 wherein the networked entity 
registration mechanism comprises: 






a mechanism for receiving registration information from the networked 
entity including an e-mail address of a contact person for the networked entity; 

a mechanism for authenticating the networked entity; 

a mechanism for assigning a password to the networked entity; and 

a mechanism for electronically sending the password to the received e-mail 
address. 

39. The apparatus as recited in Claim 36 wherein the networked consumer 
registration mechanism comprises: 

a mechanism for receiving registration information from the networked 
consumer including an e-mail address of the networked consumer; 

a mechanism for authenticating the registered networked entity; 

a mechanism for assigning a password to the networked consumer; and 

a mechanism for electronically sending the password to the received e-mail 
address. 

40. The apparatus as recited in Claim 31 wherein the authentication is 
accomplished by exchanging digital certificates. 

41. The apparatus as recited in Claim 31 further comprising a mechanism for 
authenticating the registered networked entity prior to designating the networked 
consumer as a registered consumer. 

42. The apparatus as recited in Claim 34 wherein the identifiers comprise an e- 
mail address and a password. 

43. The apparatus as recited in Claim 42 wherein the business entity registration 
mechanism comprises: 

a mechanism for receiving registration information from the business entity 
including an e-mail address of a contact person for the business entity; 

a mechanism for authenticating the business entity; 

a mechanism for assigning a password to the business entity; and 

a mechanism for electronically sending the password to the received e-mail 
address. 

44. The apparatus as recited in Claim 42 wherein the networked entity 
registration mechanism comprises: 

a mechanism for receiving registration information from the networked 
entity including an e-mail address of a contact person for the networked entity; 

a mechanism for authenticating the networked entity; 

a mechanism for assigning a password for the networked entity; and 

a mechanism for electronically sending the password to the received e-mail 
address. 

45. The apparatus as recited in Claim 42 wherein the networked consumer 
registration mechanism comprises: 

a mechanism for receiving registration information from the networked 
consumer including an e-mail address of the networked consumer; 

a mechanism for authenticating the registered networked entity; 

a mechanism for assigning a password to the networked consumer; and 

a mechanism for electronically sending the password to the received e-mail 
address. 


46. A system under the control of a business entity facilitating a trusted 
transaction with a networked consumer, the system comprising: 

a business entity server; 

an electronic communicating mechanism for providing the business entity 
server access to a server-to-server electronic communication channel; 

an authenticating system coupled to said business entity server for 
facilitating an authentication process of the business entity when said networked 
entity server is accessing the electronic communication channel; and 

a mechanism for outputting registration information wherein the outputting 
of the registration information initiates the authentication process of the business 
entity, and for receiving a business entity identifier, wherein outputting the business 
entity identifier allows details of products and/or services to be outputted to the 
electronic communication channel and further allows selections of products and/or 
services made by the networked consumer to be received from the electronic 
communication channel. 

47. The system as recited in Claim 46 wherein the authenticating system 
employs a digital certificate authenticating protocol. 

48. The system as recited in Claim 46 wherein the electronic communication 
mechanism employs the secure socket layer protocol. 

49. The system as recited in Claim 46 wherein the business entity identifier is an 
e-mail address of a contact person for the business entity and a password. 

50. The system as recited in Claim 46 wherein the networked consumer has 
authorized access to an intra-network system of a networked entity. 

51. The system as recited in Claim 50 wherein the authenticating system 
employs a digital certificate authenticating protocol. 

52. The system as recited in Claim 50 wherein the electronic communication 
mechanism employs the secure socket layer protocol. 

53. The system as recited in Claim 50 wherein the business entity identifier is an 
e-mail address of a contact person for the business entity and a password. 

54. A system under the control of a networked entity facilitating a trusted
transaction between a business entity and a networked consumer, the system
comprising:

a networked entity server;

a system for facilitating an electronic connection of the networked entity
server to a PC via a network system;

a communication mechanism for providing networked entity server access to
a server-to-server electronic communication channel;

an authenticating system coupled to the networked entity server for
facilitating an authentication process of the networked entity when the networked
entity server is accessing the electronic communication channel;

a mechanism for outputting networked entity registration information and
for receiving a networked entity identifier, wherein the outputting of the networked
entity registration information initiates the authentication process; and

a mechanism for allowing the PC to access the electronic communication
channel to output networked consumer registration information wherein the
outputting of the networked consumer registration information initiates the
authentication process of the networked entity, and for allowing the PC to receive a
registered consumer identifier wherein an outputting of the registered consumer
identifier allows the PC to receive details of products and/or services and to make
selections on the products and/or services.

55. The system as recited in Claim 54 wherein the network system is an intra- 
network system. 

56. The method as recited in Claim 54 wherein the network system is an Internet
system.

57. The system as recited in Claim 54 wherein said authenticating system
employs the digital certificate authenticating protocol. 

58. The system as recited in Claim 54 wherein the communicating mechanism
employs the secure socket layer protocol. 

59. The system as recited in Claim 55 wherein the intra-network system is a 
local area network system. 

60. The system as recited in Claim 55 wherein the intra-network system is a 
wide area network system. 

61. The system as recited in Claim 54 wherein an authorized access requires
submission of a proper login ID and password.

62. The system as recited in Claim 54 wherein the identifiers comprise an e-mail 
address and password. 

ABSTRACT OF THE DISCLOSURE

METHOD AND SYSTEM FOR FACILITATING A TRUSTED
ON-LINE TRANSACTION BETWEEN BUSINESSES
AND NETWORKED CONSUMERS

The present invention establishes a trusted market place which allows goods
and services to be transacted on the Internet between business entities and a certain
type of consumer called "networked consumers", who can be properly authenticated
without requiring each to obtain an authenticating device. The market players are
the business entities, the networked entities, and the networked consumers. In this
market structure, a plurality of business entities have access to the market place, and
they place details of goods and/or services to be sold on-line. The networked
consumers can access the market place to purchase the goods and services, but at
least the registration must occur through a networked entity having an authenticating
system. Because the authentication is performed via the networked entities, no
authenticating system is required by the networked consumers.

FIG. 7 (flowchart: registration of a business or networked entity; surviving reference numeral: 180)

1. Business or networked entity accesses administrator web site and selects registration.
2. Administrator authenticates the business or networked entity by exchanging digital certificates.
3. Security server reads from digital certificate the name of owner and domain name of server.
4. If properly authenticated, administrator allows networked or business entity to register.
5. Business or networked entity enters its particulars, including e-mail of contact person.
6. Administrator checks domain name of entered e-mail address.
7. Administrator e-mails to business or networked entity a password.

FIG. 8 (flowchart: registration of a networked consumer; surviving reference numerals: 200, 205, 210, 235)

1. Networked consumer logs into networked entity's intra-network system.
2. Networked consumer accesses a specified web page provided by networked entity's server and selects 'registration'.
3. The networked entity's web page redirects the networked consumer to administrator's registration web page.
4. The administrator authenticates the networked entity's server by exchanging digital certificates.
5. If properly authenticated, administrator allows networked consumer to register.
6. Networked consumer enters his/her particulars, including e-mail address.
7. Administrator checks domain name of entered e-mail address.
8. Administrator e-mails to networked consumer his/her password.
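
The domain check that appears in both the FIG. 7 and FIG. 8 flowcharts, as an added example that is not part of the patent. It assumes the administrator compares the entered e-mail domain with the DNS names of the server certificate already verified during the certificate exchange, given in the dict layout of Python's ssl.SSLSocket.getpeercert(); the sample certificate, its names and all function names are constructed for illustration.

```python
# Added example, not from the patent. Assumption: "checks domain name of
# entered e-mail address" means comparing it with the DNS names read from
# the server certificate that was already verified during the exchange.

# Constructed sample in the dict layout of ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": (
        (("organizationName", "XYZ Telecommunication Company"),),
        (("commonName", "xyz-telecom.example"),),
    ),
    "subjectAltName": (("DNS", "xyz-telecom.example"),
                       ("DNS", "*.corp.xyz-telecom.example")),
}


def cert_owner_and_domains(cert):
    """Read the owner name and the lower-cased DNS names from the cert."""
    subject = {key: value for rdn in cert.get("subject", ()) for key, value in rdn}
    names = {v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"}
    if not names and "commonName" in subject:  # legacy certs without SAN
        names.add(subject["commonName"])
    return subject.get("organizationName"), {n.lower().rstrip(".") for n in names}


def email_domain(address):
    """Return the domain of a plain local@domain address, else raise."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or "@" in local or not domain:
        raise ValueError("not a plain local@domain address")
    return domain.lower().rstrip(".")


def name_matches(domain, cert_name):
    """Exact match, or a wildcard covering exactly one leading label."""
    if cert_name.startswith("*."):
        head, _, rest = domain.partition(".")
        return bool(head) and rest == cert_name[2:]
    return domain == cert_name


def may_register(address, cert):
    """Gate before a password is issued: the e-mail domain must be one of
    the certificate's names; suffix or substring look-alikes are refused."""
    _, cert_domains = cert_owner_and_domains(cert)
    try:
        domain = email_domain(address)
    except ValueError:
        return False
    return any(name_matches(domain, name) for name in cert_domains)
```

The comparison is done on whole DNS labels, so a domain that merely contains or ends with the certificate name as a substring does not pass.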

FIG. 9 (screen: PRODUCTS AND SERVICES; INDUSTRY: TELECOMMUNICATIONS)

- PRODUCT/SERVICE (250)
- PRICE (255)
- DETAILED DESCRIPTION OF PRODUCT/SERVICE (260)
- MARKET VALUE OF PRODUCT/SERVICE (265)
- NEXT PRODUCT/SERVICE (270)

FIG. 10 (screen: GROUP BENEFITS PLANS; INDUSTRY: INSURANCE)

- PLAN TITLE (300)
- PRICE OF PLAN (305)
- DETAILED DESCRIPTION OF PLAN (310)
- MARKET VALUE OF PLAN (315)
- NEXT PLAN (320)

FIG. 11 (screen: PRE-NEGOTIATED GROUP BENEFITS PLAN DETAILS; surviving reference numeral: 340)

- PLAN ID: 1234567XYZ
- INDUSTRY: TELECOMMUNICATIONS
- PROVIDER/CONTACT INFO: XYZ TELECOMMUNICATION COMPANY, CONTACT PARTICULARS
- PLAN TITLE: PLAN X
- PRICE OF PLAN: $50/mo.
- DETAILED DESCRIPTION OF PLAN:
- MARKET VALUE OF PLAN: $70/mo.

FIG. 12 (screen: NEGOTIATED GROUP BENEFITS PLAN DETAILS)

- NETWORKED ENTITY IDENTIFIER: 45678LMO
- PLAN ID: 1234567XYZ
- INDUSTRY: TELECOMMUNICATIONS
- PROVIDER/CONTACT INFO: XYZ TELECOMMUNICATION COMPANY, CONTACT PARTICULARS
- PLAN TITLE: PLAN X
- NEGOTIATED PRICE OF PLAN: $40/mo.
- DETAILED DESCRIPTION OF PLAN:
- MARKET VALUE OF PLAN: $70/mo.
- ENDORSE

FIG. 13 (screen: PLAN CONFIGURATOR; surviving reference numerals: 405, 410, 415, 420, 425, 430, 445)

- PLAN ID: 1234567XYZ
- INDUSTRY: TELECOMMUNICATIONS
- PROVIDER/CONTACT INFO: XYZ TELECOMMUNICATION COMPANY, CONTACT PARTICULARS
- PLAN TITLE: PLAN X
- PRICE OF PLAN: $50/mo.
- DETAILED DESCRIPTION OF PLAN:
- MARKET VALUE OF PLAN: $70/mo.
- NEGOTIATED PARTY'S IDENTIFIER:

FIG. 14 (screen: ENDORSED GROUP BENEFITS PLAN DETAILS; surviving reference numeral: 540)

- NETWORKED ENTITY IDENTIFIER: 45678LMO
- PLAN ID: 1234567XYZ
- INDUSTRY: TELECOMMUNICATIONS
- PROVIDER/CONTACT INFO: XYZ TELECOMMUNICATION COMPANY, CONTACT PARTICULARS
- PLAN TITLE: PLAN X
- PRICE OF PLAN: $40/mo.
- DETAILED DESCRIPTION OF PLAN:
- MARKET VALUE OF PLAN: $70/mo.
- MORE INFO.

FIG. 15 (screen: PRODUCT AND SERVICE DETAILS; surviving reference numeral: 590)

- INDUSTRY: TELECOMMUNICATIONS
- PRODUCT/SERVICE ID: 7654321JKL
- PROVIDER/CONTACT INFO: XYZ TELECOMMUNICATION COMPANY, CONTACT PARTICULARS
- PRODUCT/SERVICE: MOBILE PHONE MODEL Z
- PRICE OF PRODUCT/SERVICE: $100
- DETAILED DESCRIPTION OF PRODUCT/SERVICE:
- MARKET VALUE OF PRODUCT/SERVICE: $120
- MORE INFO.
- ADD TO SHOPPING CART

FIG. 16 (screen: BUSINESS ENTITY OPTIONS)

1. SUBMIT DETAILS OF PRODUCTS/SERVICES
2. SUBMIT DETAILS OF GROUP BENEFITS PLAN
3. CONFIGURE THE GROUP BENEFITS PLAN
4. SEE THE LIST OF SUBMITTED PRODUCTS/SERVICES OR GROUP BENEFITS PLANS
5. VIEW THE LIST OF SELECTED PRODUCTS/SERVICES
6. VIEW THE LIST OF SELECTED GROUP BENEFITS PLANS

FIG. 17 (screen: NETWORKED ENTITY OPTIONS; surviving reference numeral: 650)

1. VIEW THE LIST OF PRODUCTS/SERVICES
2. VIEW THE LIST OF PRE-NEGOTIATED GROUP BENEFITS PLANS
3. VIEW THE LIST OF NEGOTIATED GROUP BENEFITS PLANS
4. VIEW THE LIST OF ENDORSED GROUP BENEFITS PLANS

FIG. 18 (screen: NETWORKED CONSUMER OPTIONS)

1. VIEW THE LIST OF PRODUCTS/SERVICES
2. VIEW THE LIST OF ENDORSED GROUP BENEFITS PLANS